Old bug report - https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=959953
On 13 March 2015 at 15:24, Andrew Holway <andrew.hol...@gmail.com> wrote: > Hi Dimitri > > type=AVC msg=audit(1426243559.181:623): avc: *denied* { create } for > pid=2740 comm="ns-slapd" name="imports" > scontext=system_u:system_r:dirsrv_t:s0 > tcontext=system_u:object_r:var_lock_t:s0 tclass=dir > > type=AVC msg=audit(1426243559.388:625): avc: *denied* { create } for > pid=2754 comm="ns-slapd" name="imports" > scontext=system_u:system_r:dirsrv_t:s0 > tcontext=system_u:object_r:var_lock_t:s0 tclass=dir > I cant find the name of the tool that scans the audit log and proposes > boolean changes. So much of this stuff seems to be GUI tools. > > > On 13 March 2015 at 14:15, Dmitri Pal <d...@redhat.com> wrote: > >> On 03/13/2015 07:43 AM, Andrew Holway wrote: >> >> Hallo >> >> I have a quite odd situation. I am using saltstack to set up freeipa >> servers on Centos 7 but I am getting the following error: >> >> failed to create ds instance Command '/usr/sbin/setup-ds.pl --silent >> --logfile - -f /tmp/tmp5witgD' returned non-zero exit status 1 >> >> Saltstack outputs the command it is trying to run: >> >> ipa-server-install -a password --realm CLOUD.DOMAIN.DE -P password -p >> password -n cloud.domain.de --setup-dns --unattended --no-forwarders >> >> However if I run this command manually on a clean machine it works fine. >> >> It works on Centos 6. >> >> >> >> It usually means that you have different privileges and context when you >> are running command manually and via SaltStack. >> There is probably a different user and a different SELinux context. >> Do you see any AVC denials? >> >> It really seems that you have two DS instances going on the same machine. >> I suspewt that when run manually as root you sort of override the lock and >> things go through but when you do it via SaltStack it is different. >> >> Why do you need two DS instances? >> >> >> >> >> >> I see this in the slapd error log: >> >> [root@freeipa-2 slapd-CLOUD-NATIVE-INSTRUMENTS-DE]# cat errors >> 389-Directory/1.3.1.6 B2014.219.1825 >> freeipa-2.cloud.native-instruments.de:389 >> (/etc/dirsrv/slapd-CLOUD-NATIVE-INSTRUMENTS-DE) >> >> [13/Mar/2015:10:45:59 +0000] - Error - Unable to create >> /var/lock/dirsrv/slapd-CLOUD-NATIVE-INSTRUMENTS-DE/imports, Netscape >> Portable Runtime error -5966 (Access Denied.) >> [13/Mar/2015:10:45:59 +0000] - Shutting down due to possible conflicts >> with other slapd processes >> [13/Mar/2015:10:45:59 +0000] - Error - Unable to create >> /var/lock/dirsrv/slapd-CLOUD-NATIVE-INSTRUMENTS-DE/imports, Netscape >> Portable Runtime error -5966 (Access Denied.) >> [13/Mar/2015:10:45:59 +0000] - Shutting down due to possible conflicts >> with other slapd processes >> [root@freeipa-2 slapd-CLOUD-NATIVE-INSTRUMENTS-DE]# cat errors | sed >> s/NATIVE-INSTRUMENTS/DOMAIN/g >> 389-Directory/1.3.1.6 B2014.219.1825 >> freeipa-2.cloud.native-instruments.de:389 >> (/etc/dirsrv/slapd-CLOUD-DOMAIN-DE) >> >> [13/Mar/2015:10:45:59 +0000] - Error - Unable to create >> /var/lock/dirsrv/slapd-CLOUD-DOMAIN-DE/imports, Netscape Portable Runtime >> error -5966 (Access Denied.) >> [13/Mar/2015:10:45:59 +0000] - Shutting down due to possible conflicts >> with other slapd processes >> [13/Mar/2015:10:45:59 +0000] - Error - Unable to create >> /var/lock/dirsrv/slapd-CLOUD-DOMAIN-DE/imports, Netscape Portable Runtime >> error -5966 (Access Denied.) >> [13/Mar/2015:10:45:59 +0000] - Shutting down due to possible conflicts >> with other slapd processes >> >> >> >> >> >> >> >> ipaserver-install.log >> >> 015-03-13T10:45:57Z DEBUG Loading StateFile from >> '/var/lib/ipa/sysrestore/sysrestore.state' >> 2015-03-13T10:45:57Z DEBUG Loading Index file from >> '/var/lib/ipa/sysrestore/sysrestore.index' >> 2015-03-13T10:45:57Z DEBUG httpd is not configured >> 2015-03-13T10:45:57Z DEBUG kadmin is not configured >> 2015-03-13T10:45:57Z DEBUG dirsrv is not configured >> 2015-03-13T10:45:57Z DEBUG pki-cad is not configured >> 2015-03-13T10:45:57Z DEBUG pki-tomcatd is not configured >> 2015-03-13T10:45:57Z DEBUG install is not configured >> 2015-03-13T10:45:57Z DEBUG krb5kdc is not configured >> 2015-03-13T10:45:57Z DEBUG ntpd is not configured >> 2015-03-13T10:45:57Z DEBUG named is not configured >> 2015-03-13T10:45:57Z DEBUG ipa_memcached is not configured >> 2015-03-13T10:45:57Z DEBUG filestore is tracking no files >> 2015-03-13T10:45:57Z DEBUG Loading Index file from >> '/var/lib/ipa-client/sysrestore/sysrestore.index' >> 2015-03-13T10:45:57Z DEBUG /usr/sbin/ipa-server-install was invoked with >> options: {'reverse_zone': None, 'mkhomedir': False, 'create_sshfp': True, >> 'conf_sshd': True, 'conf_ntp': True, 'subject': None, 'no_forwarders': >> True, 'ui_redirect': True, 'domain_name': 'cloud.domain.de', 'idmax': 0, >> 'hbac_allow': False, 'no_reverse': False, 'dirsrv_pkcs12': None, >> 'unattended': True, 'trust_sshfp': False, 'external_ca_file': None, >> 'no_host_dns': False, 'http_pkcs12': None, 'realm_name': 'CLOUD.DOMAIN.DE', >> 'forwarders': None, 'idstart': 1544400000, 'external_ca': False, >> 'ip_address': None, 'conf_ssh': True, 'zonemgr': None, 'root_ca_file': >> None, 'setup_dns': True, 'host_name': None, 'debug': False, >> 'external_cert_file': None, 'uninstall': False} >> 2015-03-13T10:45:57Z DEBUG missing options might be asked for >> interactively later >> >> 2015-03-13T10:45:57Z DEBUG Loading Index file from >> '/var/lib/ipa/sysrestore/sysrestore.index' >> 2015-03-13T10:45:57Z DEBUG Loading StateFile from >> '/var/lib/ipa/sysrestore/sysrestore.state' >> 2015-03-13T10:45:57Z DEBUG Starting external process >> 2015-03-13T10:45:57Z DEBUG args=/bin/systemctl is-enabled chronyd.service >> 2015-03-13T10:45:57Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:57Z DEBUG stdout=enabled >> >> 2015-03-13T10:45:57Z DEBUG stderr= >> 2015-03-13T10:45:57Z DEBUG Starting external process >> 2015-03-13T10:45:57Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS >> 2015-03-13T10:45:57Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:57Z DEBUG stdout=VirtualHost configuration: >> *:8443 is a NameVirtualHost >> default server freeipa-2.cloud.domain.de >> (/etc/httpd/conf.d/nss.conf:86) >> port 8443 namevhost freeipa-2.cloud.domain.de >> (/etc/httpd/conf.d/nss.conf:86) >> port 8443 namevhost freeipa-2.cloud.domain.de >> (/etc/httpd/conf.d/nss.conf:86) >> >> 2015-03-13T10:45:57Z DEBUG stderr= >> 2015-03-13T10:45:57Z DEBUG Check if freeipa-2.cloud.domain.de is a >> primary hostname for localhost >> 2015-03-13T10:45:57Z DEBUG Primary hostname for localhost: >> freeipa-2.cloud.domain.de >> 2015-03-13T10:45:57Z DEBUG will use host_name: freeipa-2.cloud.domain.de >> >> 2015-03-13T10:45:57Z DEBUG Starting external process >> 2015-03-13T10:45:57Z DEBUG args=/sbin/ip -family inet -oneline address >> show >> 2015-03-13T10:45:57Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:57Z DEBUG stdout=1: lo inet 127.0.0.1/8 scope host >> lo\ valid_lft forever preferred_lft forever >> 2: eth0 inet 10.16.1.100/24 brd 10.16.1.255 scope global dynamic >> eth0\ valid_lft 2770sec preferred_lft 2770sec >> >> 2015-03-13T10:45:57Z DEBUG stderr= >> 2015-03-13T10:45:57Z DEBUG will use dns_forwarders: () >> >> 2015-03-13T10:45:57Z DEBUG importing all plugin modules in >> '/usr/lib/python2.7/site-packages/ipalib/plugins'... >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/config.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/group.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/hbactest.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/host.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/hostgroup.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/idrange.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/kerberos.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/krbtpolicy.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/misc.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/netgroup.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/passwd.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/ping.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py' >> 2015-03-13T10:45:57Z DEBUG Starting external process >> 2015-03-13T10:45:57Z DEBUG args=klist -V >> 2015-03-13T10:45:57Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:57Z DEBUG stdout=Kerberos 5 version 1.11.3 >> >> 2015-03-13T10:45:57Z DEBUG stderr= >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/realmdomains.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/role.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/service.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/user.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipalib/plugins/xmlclient.py' >> 2015-03-13T10:45:57Z DEBUG importing all plugin modules in >> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins'... >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/adtrust.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/baseupdate.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/dns.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/fix_replica_agreements.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/rename_managed.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_anonymous_aci.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_idranges.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_pacs.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_services.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py' >> 2015-03-13T10:45:57Z DEBUG importing plugin module >> '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/upload_cacrt.py' >> 2015-03-13T10:45:58Z DEBUG Adding DS group dirsrv >> 2015-03-13T10:45:58Z DEBUG Starting external process >> 2015-03-13T10:45:58Z DEBUG args=/usr/sbin/groupadd -r dirsrv >> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:58Z DEBUG stdout= >> 2015-03-13T10:45:58Z DEBUG stderr= >> 2015-03-13T10:45:58Z DEBUG Done adding DS group >> 2015-03-13T10:45:58Z DEBUG Starting external process >> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-enabled chronyd.service >> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:58Z DEBUG stdout=enabled >> >> 2015-03-13T10:45:58Z DEBUG stderr= >> 2015-03-13T10:45:58Z DEBUG Starting external process >> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-active chronyd.service >> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:58Z DEBUG stdout=active >> >> 2015-03-13T10:45:58Z DEBUG stderr= >> 2015-03-13T10:45:58Z DEBUG Saving StateFile to >> '/var/lib/ipa/sysrestore/sysrestore.state' >> 2015-03-13T10:45:58Z DEBUG Saving StateFile to >> '/var/lib/ipa/sysrestore/sysrestore.state' >> 2015-03-13T10:45:58Z DEBUG Starting external process >> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl stop chronyd.service >> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:58Z DEBUG stdout= >> 2015-03-13T10:45:58Z DEBUG stderr= >> 2015-03-13T10:45:58Z DEBUG Starting external process >> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl disable chronyd.service >> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:58Z DEBUG stdout= >> 2015-03-13T10:45:58Z DEBUG stderr=rm >> '/etc/systemd/system/multi-user.target.wants/chronyd.service' >> >> 2015-03-13T10:45:58Z DEBUG Loading StateFile from >> '/var/lib/ipa/sysrestore/sysrestore.state' >> 2015-03-13T10:45:58Z DEBUG Configuring NTP daemon (ntpd) >> 2015-03-13T10:45:58Z DEBUG [1/4]: stopping ntpd >> 2015-03-13T10:45:58Z DEBUG Starting external process >> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-active ntpd.service >> 2015-03-13T10:45:58Z DEBUG Process finished, return code=3 >> 2015-03-13T10:45:58Z DEBUG stdout=unknown >> >> 2015-03-13T10:45:58Z DEBUG stderr= >> 2015-03-13T10:45:58Z DEBUG Saving StateFile to >> '/var/lib/ipa/sysrestore/sysrestore.state' >> 2015-03-13T10:45:58Z DEBUG Starting external process >> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl stop ntpd.service >> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:58Z DEBUG stdout= >> 2015-03-13T10:45:58Z DEBUG stderr= >> 2015-03-13T10:45:58Z DEBUG duration: 0 seconds >> 2015-03-13T10:45:58Z DEBUG [2/4]: writing configuration >> 2015-03-13T10:45:58Z DEBUG Backing up system configuration file >> '/etc/ntp.conf' >> 2015-03-13T10:45:58Z DEBUG Saving Index File to >> '/var/lib/ipa/sysrestore/sysrestore.index' >> 2015-03-13T10:45:58Z DEBUG Backing up system configuration file >> '/etc/sysconfig/ntpd' >> 2015-03-13T10:45:58Z DEBUG Saving Index File to >> '/var/lib/ipa/sysrestore/sysrestore.index' >> 2015-03-13T10:45:58Z DEBUG duration: 0 seconds >> 2015-03-13T10:45:58Z DEBUG [3/4]: configuring ntpd to start on boot >> 2015-03-13T10:45:58Z DEBUG Starting external process >> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-enabled ntpd.service >> 2015-03-13T10:45:58Z DEBUG Process finished, return code=1 >> 2015-03-13T10:45:58Z DEBUG stdout=disabled >> >> 2015-03-13T10:45:58Z DEBUG stderr= >> 2015-03-13T10:45:58Z DEBUG Saving StateFile to >> '/var/lib/ipa/sysrestore/sysrestore.state' >> 2015-03-13T10:45:58Z DEBUG Starting external process >> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl enable ntpd.service >> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:58Z DEBUG stdout= >> 2015-03-13T10:45:58Z DEBUG stderr=ln -s >> '/usr/lib/systemd/system/ntpd.service' >> '/etc/systemd/system/multi-user.target.wants/ntpd.service' >> >> 2015-03-13T10:45:58Z DEBUG duration: 0 seconds >> 2015-03-13T10:45:58Z DEBUG [4/4]: starting ntpd >> 2015-03-13T10:45:58Z DEBUG Starting external process >> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl start ntpd.service >> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:58Z DEBUG stdout= >> 2015-03-13T10:45:58Z DEBUG stderr= >> 2015-03-13T10:45:58Z DEBUG Starting external process >> 2015-03-13T10:45:58Z DEBUG args=/bin/systemctl is-active ntpd.service >> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:58Z DEBUG stdout=active >> >> 2015-03-13T10:45:58Z DEBUG stderr= >> 2015-03-13T10:45:58Z DEBUG duration: 0 seconds >> 2015-03-13T10:45:58Z DEBUG Done configuring NTP daemon (ntpd). >> 2015-03-13T10:45:58Z DEBUG Loading StateFile from >> '/var/lib/ipa/sysrestore/sysrestore.state' >> 2015-03-13T10:45:58Z DEBUG Configuring directory server (dirsrv): >> Estimated time 1 minute >> 2015-03-13T10:45:58Z DEBUG [1/38]: creating directory server user >> 2015-03-13T10:45:58Z DEBUG Adding DS user dirsrv >> 2015-03-13T10:45:58Z DEBUG Starting external process >> 2015-03-13T10:45:58Z DEBUG args=/usr/sbin/useradd -g dirsrv -c DS System >> User -d /var/lib/dirsrv -s /sbin/nologin -M -r dirsrv >> 2015-03-13T10:45:58Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:58Z DEBUG stdout= >> 2015-03-13T10:45:58Z DEBUG stderr= >> 2015-03-13T10:45:58Z DEBUG Done adding DS user >> 2015-03-13T10:45:58Z DEBUG duration: 0 seconds >> 2015-03-13T10:45:58Z DEBUG [2/38]: creating directory server instance >> 2015-03-13T10:45:58Z DEBUG Saving StateFile to >> '/var/lib/ipa/sysrestore/sysrestore.state' >> 2015-03-13T10:45:58Z DEBUG Backing up system configuration file >> '/etc/sysconfig/dirsrv' >> 2015-03-13T10:45:58Z DEBUG Saving Index File to >> '/var/lib/ipa/sysrestore/sysrestore.index' >> 2015-03-13T10:45:58Z DEBUG >> dn: dc=cloud,dc=domain,dc=de >> objectClass: top >> objectClass: domain >> objectClass: pilotObject >> dc: cloud >> info: IPA V2.0 >> >> 2015-03-13T10:45:58Z DEBUG writing inf template >> 2015-03-13T10:45:58Z DEBUG >> [General] >> FullMachineName= freeipa-2.cloud.domain.de >> SuiteSpotUserID= dirsrv >> SuiteSpotGroup= dirsrv >> ServerRoot= /usr/lib64/dirsrv >> [slapd] >> ServerPort= 389 >> ServerIdentifier= CLOUD-DOMAIN-DE >> Suffix= dc=cloud,dc=domain,dc=de >> RootDN= cn=Directory Manager >> InstallLdifFile= /var/lib/dirsrv/boot.ldif >> inst_dir= /var/lib/dirsrv/scripts-CLOUD-DOMAIN-DE >> >> 2015-03-13T10:45:58Z DEBUG calling setup-ds.pl >> 2015-03-13T10:45:58Z DEBUG Starting external process >> 2015-03-13T10:45:58Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile >> - -f /tmp/tmp5witgD >> 2015-03-13T10:45:59Z DEBUG Process finished, return code=1 >> 2015-03-13T10:45:59Z DEBUG stdout=[15/03/13:10:45:59] - [Setup] Info >> Could not import LDIF file '/var/lib/dirsrv/boot.ldif'. Error: 256. >> Output: importing data ... >> [13/Mar/2015:10:45:59 +0000] - Error - Unable to create >> /var/lock/dirsrv/slapd-CLOUD-DOMAIN-DE/imports, Netscape Portable Runtime >> error -5966 (Access Denied.) >> [13/Mar/2015:10:45:59 +0000] - Shutting down due to possible conflicts >> with other slapd processes >> >> Could not import LDIF file '/var/lib/dirsrv/boot.ldif'. Error: 256. >> Output: importing data ... >> [13/Mar/2015:10:45:59 +0000] - Error - Unable to create >> /var/lock/dirsrv/slapd-CLOUD-DOMAIN-DE/imports, Netscape Portable Runtime >> error -5966 (Access Denied.) >> [13/Mar/2015:10:45:59 +0000] - Shutting down due to possible conflicts >> with other slapd processes >> >> [15/03/13:10:45:59] - [Setup] Fatal Error: Could not create directory >> server instance 'CLOUD-DOMAIN-DE'. >> Error: Could not create directory server instance 'CLOUD-DOMAIN-DE'. >> [15/03/13:10:45:59] - [Setup] Fatal Exiting . . . >> Log file is '-' >> >> Exiting . . . >> Log file is '-' >> >> >> 2015-03-13T10:45:59Z DEBUG stderr= >> 2015-03-13T10:45:59Z CRITICAL failed to create ds instance Command >> '/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmp5witgD' returned >> non-zero exit status 1 >> 2015-03-13T10:45:59Z DEBUG restarting ds instance >> 2015-03-13T10:45:59Z DEBUG Starting external process >> 2015-03-13T10:45:59Z DEBUG args=/bin/systemctl --system daemon-reload >> 2015-03-13T10:45:59Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:59Z DEBUG stdout= >> 2015-03-13T10:45:59Z DEBUG stderr= >> 2015-03-13T10:45:59Z DEBUG Starting external process >> 2015-03-13T10:45:59Z DEBUG args=/bin/systemctl restart >> dirsrv@CLOUD-DOMAIN-DE.service >> 2015-03-13T10:45:59Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:59Z DEBUG stdout= >> 2015-03-13T10:45:59Z DEBUG stderr= >> 2015-03-13T10:45:59Z DEBUG Starting external process >> 2015-03-13T10:45:59Z DEBUG args=/bin/systemctl is-active >> dirsrv@CLOUD-DOMAIN-DE.service >> 2015-03-13T10:45:59Z DEBUG Process finished, return code=0 >> 2015-03-13T10:45:59Z DEBUG stdout=active >> >> 2015-03-13T10:45:59Z DEBUG stderr= >> 2015-03-13T10:45:59Z DEBUG wait_for_open_ports: localhost [389] timeout >> 300 >> 2015-03-13T10:50:59Z CRITICAL Failed to restart the directory server (). >> See the installation log for details. >> 2015-03-13T10:50:59Z DEBUG done restarting ds instance >> 2015-03-13T10:50:59Z DEBUG duration: 301 seconds >> 2015-03-13T10:50:59Z DEBUG [3/38]: adding default schema >> 2015-03-13T10:50:59Z DEBUG duration: 0 seconds >> 2015-03-13T10:50:59Z DEBUG [4/38]: enabling memberof plugin >> 2015-03-13T10:50:59Z DEBUG wait_for_open_ports: freeipa-2.cloud.domain.de >> [389] timeout 10 >> 2015-03-13T10:51:09Z DEBUG Could not connect to the Directory Server on >> freeipa-2.cloud.domain.de: >> 2015-03-13T10:51:09Z DEBUG File >> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line >> 638, in run_script >> return_value = main_function() >> >> File "/usr/sbin/ipa-server-install", line 1059, in main >> hbac_allow=not options.hbac_allow) >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line >> 323, in create_instance >> self.start_creation(runtime=60) >> >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 364, in start_creation >> method() >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line >> 501, in __add_memberof_module >> self._ldap_mod("memberof-conf.ldif") >> >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 152, in _ldap_mod >> self.ldap_connect() >> >> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", >> line 99, in ldap_connect >> conn.do_simple_bind(bindpw=self.dm_password) >> >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >> 1735, in do_simple_bind >> self.__bind_with_wait(self.conn.simple_bind_s, timeout, binddn, >> bindpw) >> >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >> 1730, in __bind_with_wait >> self.__wait_for_connection(timeout) >> >> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line >> 1719, in __wait_for_connection >> wait_for_open_ports(host, int(port), timeout) >> >> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line >> 1096, in wait_for_open_ports >> raise socket.timeout() >> >> 2015-03-13T10:51:09Z DEBUG The ipa-server-install command failed, >> exception: timeout: >> >> >> >> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager IdM portfolio >> Red Hat, Inc. >> >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project